Access to data broadcast in encrypted form based on blockchain

ABSTRACT

A solution is proposed for controlling access to data that are broadcast over a telecommunication medium. A corresponding method comprises validating by a plurality of validator devices an access request that is submitted by an access device for accessing the data. The validator devices update a blockchain by adding a new block comprising an indication of the access request in response to a positive result of its validation. A provider system transmits cryptographic information for decrypting the data to the access device in response to the new block. A corresponding method for broadcasting data by a provider system and a corresponding method for accessing broadcast data by an access device are proposed. Corresponding computer programs and computer program products for performing the methods are also proposed. Moreover, corresponding structure, provider system and access device are proposed.

BACKGROUND

The background of the present disclosure is hereinafter introduced withthe discussion of techniques relating to its context. However, even whenthis discussion refers to documents, acts, artifacts and the like, itdoes not suggest or represent that the discussed techniques are part ofthe prior art or are common general knowledge in the field relevant tothe present disclosure.

Broadcasting is commonly used to distribute data over physicaltelecommunication media (for example, electromagnetic waves or cables)from a transmitter to dispersed receivers (within a correspondingbroadcasting range). The broadcasting is based on a one-to-many model,wherein everyone in the broadcasting range may receive the data (with anappropriate equipment). A typical example is television (TV). In thiscase, the data are TV transmissions that are broadcast by TV stations toTV sets for their viewing.

Sometimes, access to the data being broadcast has to be limited toauthorized receivers. With reference again to the example of thetelevision, in pay TV services, the viewing of the TV transmissions ispermitted only to subscribers of a provider of corresponding TVstations, which have subscribed suitable contracts with the provider(involving the payment of corresponding subscription fees). In thiscase, an access control technique is implemented wherein the data aregenerally protected by broadcasting them in a masked form that does notallow their direct exploitation (for example, by encrypting them with asecret key commonly referred to as control word). The authorizedreceivers may easily restore the data in their original form (bydecrypting the encrypted data with the control word in this case),whereas any other (unauthorized) receivers may not do it (at leastwithout considerable effort).

For example, in the pay TV services, each subscriber has a decoder fordecrypting the TV transmissions and a smart card to be inserted into thedecoder for providing the corresponding control words. The smartcardensures a relatively high level of security of the information storedtherein. Moreover, security measures for preventing piracy acts (whereinunauthorized users illicitly manage to view the TV transmissions withoutsubscribing to the provider or in breach of their contracts) may bechanged in a relatively inexpensive way by issuing a new smartcardwithout the need of changing the whole decoder. Particularly, thesmartcard stores an entitlement of the subscriber to view specific TVtransmissions according to its contract. The entitlement is updated byManagement Entitlement Messages (MEMs) addressed to the smartcard thatare broadcast by the provider together with the TV transmissions.Moreover, the smartcard stores an exploitation key for recovering thecontrol word. The exploitation key is updated periodically (for example,every month) by Entitlement Control Messages (ECMs) that are broadcastby the provider together with the TV transmissions as well. The controlword of any TV transmission is changed very frequently (for example,every few seconds), in order to hinder the piracy acts. Whenever thecontrol word is changed, the provider broadcasts an ECM that containsthe control word encrypted with the exploitation key. The smartcarddetermines whether the subscriber is authorized to view a TVtransmission according to its entitlement; if so, the smartcard decryptsthe control word (with the exploitation key stored therein) and passesit to the decoder that in turn decrypts the TV transmission.

However, an (authentic) smartcard may be used in a fraudulent decoder tointercept the control words and then distribute them (for example, inInternet) to fraudulent decoders of unauthorized users to allow themviewing the TV transmissions illicitly. The (authentic) smartcard mayalso be cloned into fraudulent smartcards that may then be used bycorresponding unauthorized users to view the TV transmissions illicitly.More simply, illicit sharing of the (authentic) smartcards is possible.For example, a (cheating) subscriber may bring his/her smartcard to thedecoder of another subscriber and use it to decrypt the TV transmissionss/he is authorized to view. In this way, the other subscriber mayillicitly view TV transmissions that it is not authorized to view;moreover, the TV transmissions may be illicitly viewed in an(unauthorized) condition (for example, in a public environment whereasthe subscriber is authorized to view them only in a domesticenvironment).

SUMMARY

A simplified summary of the present disclosure is herein presented inorder to provide a basic understanding thereof. However, the solepurpose of this summary is to introduce some concepts of the disclosurein a simplified form as a prelude to its following more detaileddescription, and it is not to be interpreted as an identification of itskey elements nor as a delineation of its scope.

In some embodiments, an aspect provides a method for controlling accessto data that are broadcast over a telecommunication medium. The methodcomprises validating by a plurality of validator devices an accessrequest that is submitted by an access device for accessing the data.The validator devices update a blockchain by adding a new blockcomprising an indication of the access request in response to a positiveresult of its validation. A provider system transmits cryptographicinformation for decrypting the data to the access device in response tothe new block.

A further aspect provides a corresponding method for broadcasting databy a provider system.

A further aspect provides a corresponding method for accessing broadcastdata by an access device.

A further aspect provides corresponding computer programs forimplementing the methods.

A further aspect provides corresponding computer program products forimplementing the methods.

A further aspect provides a corresponding structure.

A further aspect provides a corresponding provider system.

A further aspect provides a corresponding access device.

More specifically, one or more features of the present disclosure areset out in the independent claims and features thereof are set out inthe dependent claims, with the wording of all the claims that is hereinincorporated verbatim by reference (with any feature provided in adependent claim applying mutatis mutandis to some or all of the otherindependent claim).

BRIEF DESCRIPTION OF THE DRAWINGS

The solution of the present disclosure, as well as further features andthe advantages thereof, will be best understood with reference to thefollowing detailed description thereof, given purely by way of anon-restrictive indication, to be read in conjunction with theaccompanying drawings.

FIG. 1A-FIG. 1D show an example of application of the solution accordingto an embodiment of the present disclosure.

FIG. 2 shows a schematic block diagram of an infrastructure wherein thesolution according to an embodiment of the present disclosure may bepracticed.

FIG. 3 shows the main software components that may be used to implementthe solution according to an embodiment of the present disclosure.

FIG. 4A-FIG. 4D shows an activity diagram describing the flow ofactivities relating to an implementation of the solution according to anembodiment of the present disclosure.

DETAILED DESCRIPTION

With reference in particular to FIG. 1A-FIG. 1D, an example is shown ofapplication of the solution according to an embodiment of the presentdisclosure.

Starting from FIG. 1A, a provider of TV services has one or more TVstations 105 (only one show in the figure). The TV station 105broadcasts TV transmissions (i.e., moving images and sound representedby a data stream in digital television) over corresponding TV channels;for example, the TV transmissions are movies, shows, sport events,newscasts, documentaries. The TV transmissions are received by everyonewithin a broadcast range of the TV station 105 (for example, in acorresponding country). However, the provider implements an accesscontrol technique to limit access to the TV transmissions for theirviewing only by (authentic) access devices; for example, each accessdevice is formed by a decoder 110 wherein a smartcard 115 is inserted.The access devices 110,115 are assigned by the provider to subscribersthereof, which have subscribed corresponding contracts with the provider(authorizing them to view one or more TV transmissions). For thispurpose, the TV transmissions are encrypted with correspondingtransmission keys (making the TV transmissions unintelligible); thetransmission keys are provided to the access devices 110,115, whichdecrypt the TV transmissions (restoring their original form) for viewingonto corresponding TV sets 120.

Moving to FIG. 1B, in the solution according to an embodiment of thepresent disclosure the access control technique is based on a blockchain125.

In general, a blockchain is a distributed ledger that stores information(in the form of transactions). The transactions are stored into asequence of blocks in chronological order; the blocks are linked to eachother so as to make it more and more computationally difficult to altera block as the number of further blocks following it in the blockchainincreases. The blockchain is distributed in a peer-to-peer network ofnodes, which nodes validate its content according to a consensus schemathat determines the actual valid version of the blockchain (with nocentralized version of the blockchain that exists and no node that ismore trusted than any other node is).

More specifically, each block is formed by a body and a header. The bodycomprises one or more transactions. The header comprises the followingfields: version, transaction number, time stamp, previous hash, Merkleroot, target and nonce. A version indicates a version of rules that areused to validate the blockchain. A transaction number indicates thenumber of transactions contained in the body. A time stamp indicates adate and time of the last (more recent) transaction of the block. Aprevious hash is the hash of the previous block in the blockchain (nullfor the first, or genesis, block). A Merkle root is the hash of thehashes of all the transactions of the block (constructed by pairing eachtransaction with another transaction and calculating the hash of theirhashes and so on until all the transactions have been processed, withthe last transaction that is paired with itself when the transactionsare in odd number). A target indicates a maximum value that isacceptable for the hash of the header. A nonce is a value that is addedto the hash of the header to make it lower than the target.

New transactions to be inserted into the blockchain are distributed intothe network for the addition of corresponding new blocks to theblockchain. Every (full) node working on the addition of any new blockto the blockchain have to solve a problem, which is a mathematicalpuzzle consisting in determining the nonce that makes the hash of theheader of the new block lower than the target (which target is updatedperiodically to ensure an adequate difficulty of the mathematicalpuzzle). Since it is not possible to predict the hash of a number apriori, for this purpose it is necessary to iterate through everypossible value of the nonce and to calculate the corresponding hashuntil it falls below the target (with the lower the target the moreattempts are needed on the average to obtain the desired result therebyincreasing the difficulty of the mathematical puzzle). The hash iscalculated for the header only (independently of the body), which headerhas several easy-to-modify fields so that the node may work on the newblock (or more of them at the same time) without waiting for all itstransactions. The first node that solves the mathematical puzzle createsthe new block by adding the corresponding new transactions to its body(after they have been successfully validated by the node) and thecorresponding header (with the nonce so determined). This node then addsthe new block to the blockchain and distributes the new block into thenetwork. Every node receiving the new block defining a different versionof the blockchain (with respect to the one stored therein) compares thescores of these versions of the blockchain; the score is defined by acumulative effort required to create the blockchain (substantiallycorresponding to its length); if the score of the received version ofthe blockchain is higher than the score of the stored version of theblockchain (i.e., it is longer and then more difficult to create), thenode validates the new block and, in case of positive result, adds thenew block to the blockchain and distributes it again into the network(at the same time abandoning any working on the correspondingtransactions). Because the blocks are linked in succession by theirprevious hashes, any (malicious) modification of a block would requirethe modification of all the blocks following it in the blockchain;however, because every node gives precedence to the longest version ofthe blockchain and because of the effort required to solve themathematical puzzles required to add its blocks, the maliciousmodification would require a processing power comparable to the onespent by the whole network to expand the blockchain from the originalversion of this block up to its end (so that this becomes already verydifficult when the original version of the block if followed by a fewother blocks, unless a majority of the processing power of the networkis acquired). In a permissionless (or public) blockchain no controlexists on the access to the blockchain; in this case, a proof of workschema is implemented wherein the nodes that add new blocks to theblockchain (referred to as miners) are remunerated for their work insolving the corresponding mathematical puzzles. Conversely, in apermissioned (or private) blockchain the access to the blockchain iscontrolled by an owner of the network; in this case, the nodes that mayadd new blocks to the blockchain (referred to as validators) are vettedby the owner of the network.

In the context of the present disclosure, the transactions stored in theblockchain 125 relate to the accesses to the TV transmissions by theaccess devices 110,115 and the nodes of the network comprise the accessdevices 110,115. In an embodiment, the blockchain is permissioned,wherein the network comprises a (provider) system 130 of the providerand one or more validators 135 that have been vetted by the providersystem 130 to add new blocks to the blockchain 125.

Moving to FIG. 1C, whenever a new access device (differentiated with thereference numerals 110 n,115 n) desires to access a TV transmission (ormore) for its viewing onto a corresponding TV set (differentiated withthe reference numeral 120 n), the access device 110 n,115 n submits anaccess request to the validators 135. In response thereto, thevalidators 135 validate the access request according to correspondingauthorizations to access the TV transmissions that have been granted bythe provider system 130 to the access devices 110,115 (for example,comprised in the blockchain 125).

Moving to FIG. 1D, assuming that a consensus is reached by thevalidators 135 on a positive result of the validation of the accessrequest, a new block with a transaction comprising an indication of theaccess request is added to the blockchain 125. In response thereto, theprovider system 130 transmits cryptographic information for the TVtransmission (for example, a first remote part of its transmission key,or simply remote key) to the access device 110 n,115 n. The accessdevice 110 n,115 n may then decrypt the TV transmission according to thecryptographic information, for example, by using the remote key incombination with a second local part of the transmission key, or simplylocal key, stored in its smartcard 115 n.

The above-described solution allows controlling the access to the TVtransmissions in a very effective way.

Particularly, in this manner it is possible to prevent (or at least tohinder substantially) any interception of the transmission keys byfraudulent decoders for its distribution to other fraudulent decoders ofunauthorized users to allow them viewing the TV transmissions illicitly.Likewise, it is possible to prevent (or at least to hindersubstantially) any use of fraudulent smartcards, obtained by cloning an(authentic) smartcard, by corresponding unauthorized users to view theTV transmissions illicitly.

Moreover, it is possible to prevent (or at least to hindersubstantially) any illicit sharing of the (authentic) smartcards, forexample, the use of a smartcard of a (cheating) subscriber in thedecoder of another subscriber or in an (unauthorized) condition.

All of the above is achieved with a collaborative approach, whichprovides a high level of security (thanks to the lack of any centralizedpoint of vulnerability) at the same time with a high level ofavailability and performance (thanks to its distributed nature).Moreover, all of the above makes it possible to relax the (periodic)change of the transmission keys (with a beneficial effect on complexityand network traffic), for example, by making the changes less frequent.

The blockchain also logs all the accesses to the TV transmissions in asubstantially permanent way. This information may then be used by theprovider for auditing purposes (for example, to identify fraudulentdecoders, fraudulent smartcards, and/or cheating subscribers).

With reference now to FIG. 2 , a schematic block diagram is shown of aninfrastructure 200 wherein the solution according to an embodiment ofthe present disclosure may be practiced.

The infrastructure 200 comprises (for each provider) its TV stations 105(only one shown in the figure), the decoders 110 and the smartcards 115of its subscribers (coupled with their TV sets, not shown in thefigure), at least some of them further operating as validators, and itsprovider system 130. For example, the TV station 105 is formed by aradio antenna (mounted on top of a radio tower) that receives the(encrypted) TV transmissions (in the form of corresponding digital datastreams) from a control center of the provider and broadcasts them overthe air (modulated in analog form onto corresponding TV channels) via anetwork of radio repeaters. The provider system 130 is implemented byone or more server computing machines, or simply servers, that are partof the control center of the provider. Each decoder 110 is a Set Top Box(STB) that has a slot for inserting the smartcard 115, a TV tuner forreceiving the (encrypted) TV transmissions, an output port for providingthe (decrypted) TV transmissions (in the form of a digital TV signal) tothe TV set and a control unit for controlling its operation. Eachsmartcard 115 is a plastic support with the shape of a bank card thatembeds a control unit and is provided with a set of contacts forconnecting to the decoder 110.

The decoders 110 and the provider system 130 are connected to a(telecommunication) network 205 for communicating among them in a secureway (providing authentication, integrity and confidentiality). Forexample, the network 205 is a Virtual Private Network (VPN) that isimplemented by the provider system 130 over the Internet. In this way,it is very difficult (in not impossible) to connect to the VPN by anyfraudulent decoders or to sniff any communications over the VPN.

Each of the above-mentioned computing machines (decoders 110, smartcards115 and provider system 130) comprises several units that are connectedamong them through a bus structure 210 with one or more levels (with anarchitecture that is suitably scaled according to the type of thecomputing machine 110,115,130). Particularly, one or moremicroprocessors (μP) 215 control operation of the computing machine110-115,130; the microprocessors 215 may comprise a cryptographicco-processor (or more) for performing cryptographic operations. Anon-volatile memory (ROM) 220 stores basic code for a bootstrap of thecomputing machine 110,115,130 and a volatile memory (RAM) 225 is used asa working memory by the microprocessors 215. The computing machine110,115,130 is provided with a mass-memory 230 for storing programs anddata, for example, hard disks for the decoders 110, flash E²PROMs forthe smartcards 115 and storage devices of one or more data centerswherein the servers of the provider system 130 are implemented.Moreover, the computing machine 110,115,130 comprises a number ofcontrollers for peripherals, or Input/Output (I/O) units, 235. Forexample, the peripherals 235 of each decoder 110 comprise one or morecontrol buttons, an infrared port for receiving commands from a remotecontrol, the slot for the smartcard, the TV tuner, the output port forthe TV set and a network adapter for accessing the network 205, theperipherals 235 of each smartcard 115 comprise its contacts and theperipherals 235 of each server of the provider system 130 comprise anetwork adapter for plugging the server into the corresponding datacenter and then connecting it to a console of the data center (forexample, a personal computer, also provided with a controller forreading/writing removable storage units such as optical disks, likeDVDs) and to a switch/router sub-system of the data center for itsaccess to the network 205.

With reference to FIG. 3 , the main software components are shown thatmay be used to implement the solution according to an embodiment of thepresent disclosure.

Particularly, all the software components (programs and data) aredenoted as a whole with the reference 300. The software components aretypically stored in the mass memory and loaded (at least in part) intothe working memory of the corresponding computing machines when theprograms are running, together with corresponding operating systems andpossible other application programs (not shown in the figure). Theprograms are initially installed into the mass memory, for example, fromremovable storage units or from the network. In this respect, eachprogram may be a module, segment or portion of code, which comprises oneor more executable instructions for implementing the specified logicalfunction.

Starting from the provider system 130, it comprises the followingsoftware components.

An access manager 303 manages the access to the TV transmissions. Theaccess manager 303 accesses (in read mode) a subscriber registry 306.The subscriber registry 306 stores information relating to thesubscribers of the provider. Particularly, the subscriber registry 306has a record for each subscriber. The record comprises a (unique)identifier of the subscriber, his/her personal information such as name,address, telephone number, e-mail address (provided that the subscriberhas given the required consent) and a public key of the subscriber. Therecord also comprises an entitlement of the subscriber to view the TVprograms. The entitlement is defined by (unique) identifiers of one ormore decoders and (unique) identifiers of one or more smartcardsprovided to the subscriber, which smartcards are associated withcorresponding contracts indicating a (unique) identifier of a set of TVtransmissions that the subscriber is authorized to view in a specificcondition. For example, each contract authorizes the subscriber to viewa single TV channel or a bouquet of TV channels (such as dedicated toentertainment, sports, etc.) in domestic or public environment for aperiod, such as every month, subject to the payment of a correspondingsubscription fee. For example, the subscriber registry 306 is maintainedby an accounting system of the provider (not shown in the figure), whichadds new subscribers, updates their personal information andentitlements, records their payments and issues corresponding invoices.

The access manager 303 also accesses (in read mode) a decoder registry309. The decoder registry 309 stores information relating to thedecoders 110 of the provider. Particularly, the decoder registry 309 hasa record for each decoder 110. The record comprises the identifier and apublic key of the decoder 110. The record also comprises a (known)fingerprint of the decoder 110. The fingerprint is based on one or morecharacterizing features defined by physical properties that characterizethe decoder 110 The characterizing features are substantiallyunpredictable, so as to make it very difficult (if not impossible) toreproduce the same characterizing features in different decoders. Forexample, the characterizing features are inherently random values of oneor more components of the decoder 110, such as their material ormanufacturing processes/systems. Suitable candidates for thecharacterizing features are wire/gate delays of integrated circuits.Moreover, the record comprises a validator flag that is asserted whenthe decoder 110 further operates as validator. For example, the decoderregistry 309 is maintained by a procurement system of the provider (notshown in the figure) that adds/deletes the decoders 110, and by anadministration system of the provider (not shown in the figure) thatvets the decoders 110 as validators. Moreover, the access manager 303accesses (in read/write mode) a blockchain repository 312, which storesa version of the blockchain that is currently known to the providersystem 130.

The access manager 303 interacts with a VPN server 315, which implementsa VPN for communicating among nodes defined by the provider system 130and the decoders 110 (by maintaining a list of network addresses andpublic keys of the decoders that are currently connected to the VPN).The VPN server 315 accesses (in read mode) the decoder registry 309.Both the access manager 303 and the VPN server 315 interact with a(central) cryptographic engine 318, which performs cryptographicoperations based on a Public Key Infrastructure (PKI). The PKI leveragesan asymmetric encryption technique involving the use of pairs of keys,each formed by a (non-confidential) public key and a (confidential)private key that are generated so that it is computationally unfeasibleto obtain the private key from the public key; each (public/private) keymay be used to encrypt a message (into an apparently unintelligibleform), with the other key that may then be used to decrypt the encryptedmessage (to restore its original form). The cryptographic engine 318 hashardcoded therein (in a protected way) a pair of public key and privatekey of the provider system 130. The cryptographic engine 318 also stores(in a protected way) one or more local keys used to encrypt the TVtransmissions (for example, a single local key the same for all the TVtransmissions). Moreover, the cryptographic engine 318 maintains a listof the transmission keys (with their remote keys) associated with theidentifiers of the sets of TV transmissions that the system provider 130may authorize to view. The encryption engine 318 is coupled with a TVtransmission source 321, for example, implemented by one or moreproduction systems (not shown in the figure) of the provider, forreceiving the TV transmissions to be broadcast. The encryption engine318 controls a TV station drive 324, which drives the TV stations of theprovider (not shown in the figure) to broadcast the TV transmissions inencrypted form.

Moving to each decoder 110 (only one shown in the figure), it comprisesthe following software components.

An access client 327 is used to access the TV transmissions (which thecorresponding subscriber is authorized to view). The access client 327has hardcoded therein the identifier of the decoder 110. The accessclient 327 exploits a fingerprint calculator 330, which calculates thefingerprint of the decoder 110, by exploiting one or more probes (notshown in the figure) for measuring the corresponding characterizingfeatures of the decoder 110. A verification engine 333 verifies (in afast way) the other decoders when they turn-on. The verification engine333 maintains a verification cache. The verification cache has a recordfor any other decoder that has already been verified wherein the recordcomprises the identifier of the other decoder and a result of itsverification (positive/negative). When the decoder 110 may furtheroperate as validator, a validation engine 336 validates any newtransactions for the addition of corresponding new blocks to theblockchain. Both the access client 327 and the validation engine 336access (in read/write mode) a blockchain repository 339, which stores aversion of the blockchain that is currently known to the decoder 110.

The access client 327, the verification engine 333 and the validationengine 336 interact with a VPN client 342, which is used to communicateover the VPN implemented by the provider system 130 (by interacting withits VPN server 315). The VPN client 342 stores the network address andthe public key of the provider system 130 Moreover, the VPN clientmaintains a list of network addresses, public keys and validator flagsof the other decoders that are currently connected to the VPN. Theaccess client 327, the validation engine 336 and the VPN client 342interact with a (local) cryptographic engine 345. The cryptographicengine 345 has hardcoded therein (in a protected way) a pair of publickey and private key of the decoder 110. Moreover, the cryptographicengine 345 maintains the transmission key associated with the identifierof the set of TV transmissions to be decrypted. The encryption engine345 is coupled with a TV tuner drive 348 for receiving the (encrypted)TV transmissions that are broadcast by the provider system 130. Theencryption engine 345 controls a TV set drive 351, which drives the TVset (not shown in the figure) by providing it the (decrypted) TVtransmissions for their viewing thereon. The access client 327 exploitsa smartcard drive 354, which drives the smartcard 115 inserted into thedecoder 110.

Moving to each smartcard 115 (only one shown in the figure), itcomprises the following software components. An I/O interface 357 isused to exchange information between the smartcard 115 and the decoder110 (by interacting with its smartcard drive 354). The I/O interface 357has hardcoded therein the identifier of the smartcard 115. The I/Ointerface 357 accesses (in read mode) a key repository 360, which stores(in a protected way) a pair of public key and the private key of thecorresponding subscriber and the local key.

With reference now to FIG. 4A-FIG. 4D, an activity diagram is showndescribing the flow of activities relating to an implementation of thesolution according to an embodiment of the present disclosure.

Particularly, the activity diagram represents an exemplary process thatmay be used to control the access to the TV transmissions with a method400. In this respect, each block may correspond to one or moreexecutable instructions for implementing the specified logical functionon the control server.

Starting from the swim-lane of the provider system, in operation the TVtransmission source at block 401 continually receives the TVtransmissions to be broadcast. Concurrently, the cryptographic engineencrypts the TV transmissions with their transmission keys. Thecryptographic engine at block 402 passes the (encrypted) TVtransmissions to the TV station drive that broadcasts them over the aircontinuously.

Meanwhile, any change may be applied to the subscribers in thecorresponding registry by the accounting system (for example, with theaddition/modification/removal of a subscriber, the addition/removal of adecoder, the addition/removal of a smartcard or any modification of itscontract). As soon as the access manager determines the change (forexample, by monitoring the subscriber registry or in response to acorresponding notification) the process passes from block 403 to block404. In response thereto, the access manager creates a correspondingentitlement request for updating the blockchain accordingly. Theentitlement request indicates the change; in case the change comprisesany personal information of the subscriber, the personal information isencrypted with the public key of the subscriber (retrieved from thesubscriber repository) to ensure its confidentiality. The access managerat block 405 creates a new transaction for the entitlement request,signed with the private key of the provider system (via thecryptographic engine), and distributes it into the VPN (via the VPNserver). The process then returns to the block 403 waiting for theapplication of any further change to the subscribers.

Moving to the swim-lane of each access device formed by a decoder withits smart card (only one shown in the figure), the decoder turns on atblock 406. Once a boot of the decoder has been completed, thefingerprint calculator at block 407 calculates the (actual) fingerprintof the decoder; for this purpose, the fingerprint calculator measuresthe characterizing features of the decoder defining it (via thecorresponding probes) and combines them into the actual fingerprint (forexample, by setting the actual fingerprint equal to the product of thecharacterizing features). In this way, since the characterizing featuresof the decoder (substantially unpredictable) are measured in real-time,even if the decoder should be cloned it would be very difficult, if notimpossible, to obtain the same actual fingerprint (which may not becopied since it is not stored anywhere in the decoder). The accessclient at block 408 commands the VPN client to submits a connectionrequest over the Internet to the network address of the provider systemfor connecting to the VPN. The connection request indicates theidentifier, the fingerprint and the public key of the decoder and it issigned with the private key of the decoder (via the cryptographicengine). In the swim-lane of the provider system, the VPN server is in alistening condition at block 409 for any connection requests. As soon asthe VPN server receives the above-mentioned connection request from thedecoder, the VPN server at block 410 authenticates the decoder, byverifying the signature of the connection request with the public key ofthe decoder associated with its identifier in the decoder repository(via the cryptographic engine) and, in case of positive result of thisoperation, by verifying whether the actual fingerprint matches (forexample, it is the same as) the known fingerprint of the decoder(contained in the decoder registry as indicated by its identifier). Ifboth the signature is correct and the actual fingerprint matches theknown fingerprint, the result of the authentication is positive.Conversely (meaning that the decoder has been cloned), the result of theauthentication is negative.

The flow of activity branches at block 411 according to the result ofthe authentication. In case of negative result of the authentication,the process directly returns to the block 409. In this way, theconnection request is refused (with the possibility of logging therefused connection request for auditing purposes), thereby ensuring thatonly authentic decoders may connect to the VPN. Conversely, in case ofpositive result of the authentication, the VPN server at block 412connects the decoder to the VPN, by adding its network address andpublic key to the corresponding list and sending an acknowledgment tothe decoder, comprising the public key of the provider system (in orderto establish a cryptographic tunnel between the provider system and thedecoder via their public/private keys for any next communicationsbetween them) and the validator flag of the decoder (to set it as avalidator when asserted). The process then returns to the block 409.Referring again to the swim-lane of the access device, in response tothe acknowledgment of its connection to the VPN, the VPN client at block413 saves the public key of the provider system that has been receivedtherefrom.

At this point, the decoder has no transmission key (at its installation)or it is very likely to have an old version of the transmission key forthe corresponding set of TV transmissions (at its re-start after aturn-off). Therefore, the above-mentioned procedure should be performedto obtain the current version of the transmission key using theblockchain (with the addition of a corresponding new block thereto).However, this operation may be relatively long (for example, up toseveral minutes), during which no TV transmissions may be viewed.Therefore, as a further improvement, an embodiment of the presentdisclosure provides a faster procedure for obtaining the current versionof the transmission key, especially at every re-start of the decoder.

For this purpose, the flow of activity branches at block 414 accordingto the type of turn-on of the decoder. If the decoder has just beeninstalled for the first time, the VPN client at block 415 starts adiscover process of the other decoders that are currently connected tothe VPN. For example, the decoder requests the list of network addressesand public keys of the other decoders, or part thereof, to the providersystem and then requests the network addresses and public keys of theother decoders to each of them, with the process that is reiterated byevery decoder so as to make it aware of all the other decoders of theVPN (with their network addresses and public keys that are added to thecorresponding list) in a completely distributed way. The access clientat block 416 downloads the blockchain (into the correspondingrepository). For example, the decoder submits a synchronization requestto the network address of another decoder of the VPN, by passing anindication of the last block of its current version of the blockchain(in this case equal to the genesis block being hardcoded), so as tocause the other decoder to return the blocks following this last blockin its version of the blockchain (in a block-first method) or simplytheir headers (in a header-first method). In the block-first method thedecoder validates the received blocks and add them to its version of theblockchain in case of positive result of this operation, whereas in theheader-first method the decoder validates the received headers and incase of positive result of this operation downloads the correspondingblocks as above in parallel from one or more other decoders.

Once this operation has been completed, the process descends into block417. The same point is also reached directly from the block 414 when thedecoder has been re-started after its turn-off. In both cases, theaccess client submits a start request to the network address of theprovider system over the VPN (via the VPN client). The start requestcomprises the identifier of the decoder and the identifier of the set ofTV transmissions for which the transmission key is required. In case thedecoder has just been installed, the identifier of the set of TVtransmissions is retrieved from the blockchain (as described in thefollowing), whereas in case the decoder has been re-started theidentifier of the set of TV transmissions is already available to thecryptographic engine in association with the old version of thecorresponding transmission key. In the swim-lane of the provider system,the access manager is in a listening condition at block 418 (via the VPNclient) for any start requests. As soon as the access manager receivesthe above-mentioned start request from the decoder, the access managerat block 419 verifies whether the decoder has actually just started. Forexample, in case a previous start request has already been received fromthe same decoder (as indicated in a corresponding variable), the accessmanager verifies whether the blockchain has a block containing acorresponding transaction with its timestamp following a time of theprevious start request (indicated in the same variable). The flow ofactivity branches at block 420 according to a result of this operation.In case no corresponding block has been found in the blockchain betweenthe two start requests, it is very likely that the decoder is illicitlytrying to obtain the transmission key continually without using theblockchain. Therefore, the process directly returns to the block 418(thereby discarding the start request, with the possibility of loggingit for auditing purposes). Conversely, if the corresponding block hasbeen found in the blockchain between the two start requests (or in anycase after a predetermined delay from the previous start request toallow recovering operation of the decoder in case of accidental turn-offafter submission of the start request but before submission of a newtransaction for creating the corresponding new block), the processcontinues to block 421.

At this point, the access manager selects a plurality of other decoders(from the corresponding list maintained by the VPN server) to operate asverificators of the decoder. For example, the verificators are apredetermined number of other decoders (such as 10-20) that are closestto the decoder (according to their network addresses). The accessmanager at block 422 returns a list of the network addresses of theverificators (extracted from the corresponding list maintained by VPNserver) to the decoder over the VPN (via the VPN server). The processthen goes back to the block 418. Referring again to the swim-lane of theaccess device, the access client at block 423 receives the list ofnetwork addresses of the verificators over the VPN (via the VPN client).The access client at block 424 submits a verification request of thedecoder to the network address of each verificator over the VPN (via theVPN client). The verification request comprises the identifier and thefingerprint of the decoder (together with a total number of theverificators).

Moving to the swim-lane of each verificator (only one shown in thefigure), the verification engine at block 425 receives the verificationrequest over the VPN (via the VPN client). The flow of activity branchesat block 426 according to a number of times the same verificationrequest has been received by the verificator. If this is the first timethat the verificator receives the verification request from this decoder(as indicated by a lack of a corresponding record in the verificationcache), the fingerprint calculator at block 427 calculates the (actual)fingerprint of the verificator as above. The verification engine atblock 428 submits a corresponding (further) verification request to theprovider system over the VPN (via the VPN client); the verificationrequest comprises the identifier and the fingerprint of the decoder andthe identifier and the fingerprint of the verificator. In the swim-laneof the provider system, the access manager is in a listening conditionat block 429 (via the VPN server) for any verification requests. As soonas the access manager receives the above-mentioned verification requestfrom the verificator, the access manager at block 430 determines aresult of the verification of the corresponding fingerprints. For thispurpose, the access manager compares the actual fingerprint of thedecoder and the actual fingerprint of the verificators with their knownfingerprints (contained in the decoder registry as indicated by thecorresponding identifiers). If both the actual fingerprints match thecorresponding known fingerprints (meaning that both the decoder and theverificators are authentic) the result of the verification is positive.Conversely, if at least one of the actual fingerprints does not matchthe corresponding known fingerprint (meaning that the decoder and/or theverificator have been cloned) the result of the verification is negative(with the possibility of logging the identifier of each cloneddecoder/verificator for auditing purposes).

The use of both the fingerprints increases the security level; indeed,in this way the decoder is determined to be authentic only when it is soand the corresponding request has been submitted by an authentic decoder(operating as verificator) as well. The access manager at block 431returns the result of the verification (positive/negative for thedecoder and the verificator) to the verificator over the VPN (via theVPN server).

Referring back to the swim-lane of the verificator, the verificatorengine at block 432 receives the result of this verification over theVPN (via the VPN client). The verificator engine at block 433 sets aresult of the verification of the decoder equal to the received valueand saves it in association with the identifier of the decoder into theverification cache. Returning to the block 426, if the verificator hasalready received the verification request from the same decoder in thepast (as indicated by a corresponding record that is available in theverification cache), the verification engine at block 434 directlyretrieves the corresponding result from the verification cache. The flowof activity merges again at block 435 from either the block 433 or theblock 434.

At this point, the verificator engine starts a process for determining aconsensus among the verificators on the result of the verification. Forexample, this process is a based on a Byzantine fault-tolerantalgorithm, wherein the validator distributes a consensus messageindicating its result of the verification into the VPN. Each verificatorreceiving the consensus message without its result of the verificationadds it (if possible) and re-distributes the consensus message into theVPN. As soon as a verificator detects that the consensus messageindicates that a predefined majority of the verificators (for example, ⅔of their total number as indicated in the verification request) haveprovided the same result of the verification (positive or negative),this verificator notifies the agreed upon result of the verification tothe provider system over the VPN (via the VPN client). Returning to theswim-lane of the provider system, the access manager at lock 436receives the (agreed upon) result of the verification from a verificatorover the VPN (via the VPN server). The flow of activity branches atblock 437 according to the result of the verification. If the result ofthe verification is negative, the process directly returns to the block436. In this way, the start request is refused (with the possibility oflogging the refused start request for auditing purposes), therebyensuring that only authentic decoders may start viewing the TVtransmissions at their turn-on. Conversely, if the result of theverification is positive the access manager at block 438 retrieves theremote key associated with the identifier of the set of TV transmissionsindicated in the start request (from the cryptographic engine) andtransmits it to the decoder over the VPN (via the VPN server). Theprocess then goes back to the block 436.

Returning to the swim-lane of the access device, the access client atblock 439 receives the remote key over the VPN (via the VPN client). Theaccess client at block 440 retrieves the local key from the smartcard(via the smartcard drive that requests it to the I/O interface, which inturn retrieves it from the key repository). The access client passes theremote key and the local key to the cryptographic engine, which combinesthem into the transmission key and saves it (in association with theidentifier of the set of TV transmissions). The TV tuner drive at block441 starts receiving a selected one of the (encrypted) TV transmissionsand passes it to the cryptographic engine. Assuming that the (selected)TV transmission belongs to the set of TV transmissions associated withthe transmission key that has just been obtained, the cryptographicengine at block 442 decrypts the TV transmission with it (so as torestore its original form) and passes the (decrypted) TV transmission tothe TV set drive. The TV set drive at block 443 sends the TVtransmission to the TV set for its display.

As a result, the subscriber may start viewing the TV transmissionsquickly when the decoder is turned-on. Indeed, apart when the decoder isinstalled for the first time, this only requires the reaching of theconsensus on its verification by the verificators (which operation isfar faster than updating the blockchain). Moreover, apart from the firsttime, each verificator retrieves the result of the verification of thedecoder from the verification cache (without any need of involving theprovider system). Therefore, the operation is very fast and completelydistributed.

At this point, the decoder may start working normally. Particularly, theflow of activity branches at block 444 according to the type of turn-onof the decoder. If the decoder has been restarted after its turn-off,the VPN client at block 445 starts a discover process of the otherdecoders that are currently connected to the VPN as above. The accessclient at block 446 downloads the up-to-date version of the blockchain(into the corresponding repository) in a similar way as above. Once thisoperation has been completed, the process descends into block 447. Thesame point is also reached directly from the block 444 if the decoderhas been installed for the first time. Moreover, the process passes tothe block 447 from block 448 whenever the decoder receives a changenotification from the provider system indicating that the remote key isgoing to be changed (as described in the following). At this point, theaccess client retrieves the identifier of the smartcard (via thesmartcard drive that requests it to the I/O interface); the accessclient searches the up-to-date version (in the most recent blocks of theblockchain in the corresponding repository) of the entitlement of thesubscriber, corresponding to the identifier of the decoder and theidentifier of the smartcard so as to determine the identifier of the setof TV transmissions that the subscriber is authorized to view with thisdecoder and this smartcard. In case the entitlement comprises anypersonal information of the subscriber, the personal information isdecrypted with the private key of the subscriber retrieved from thesmartcard as well (via the smartcard drive that requests it to the I/Ointerface, which in turn retrieves it from the key repository). Theaccess client creates a corresponding access request for accessing theset of TV transmissions so determined. The access request indicates theidentifier of the decoder, the identifier of the smartcard and theidentifier of the set of TV programs. The access client at block 449creates a new transaction for the access request, signed with theprivate key of the decoder (via the cryptographic engine), anddistributes it into the VPN (via the VPN client).

Moving to the swim-lane of each decoder further operating as validator(only one shown in the figure), the validation engine is in a listeningcondition at block 450 (via the VPN client) for any new transactions. Assoon as the validation engine receives a new transaction, the processdescends into block 451. At this point, the flow of activity branchesaccording to the type of the new transaction. Particularly, if the newtransaction comprises an entitlement request the blocks 452-453 areexecuted, whereas if the new transaction comprises an access request theblocks 454-455 are executed; in both cases, the process merges again atblock 456.

With reference now to the block 452 (entitlement request), thevalidation engine validates the new transaction. Particularly, thevalidation engine verifies the signature of the new transaction with thepublic key of the provider system provided by the VPN client (via thecryptographic engine) to confirm its authenticity. The flow of activitybranches at block 453 according to a result of this operation. In caseof negative result of the validation of the new transaction, the processdirectly returns to the block 450 (thereby discarding it). Conversely,in case of positive result of the validation of the new transaction, theprocess descends into the block 456.

With reference instead to the block 454 (access request), the validationengine again validates the new transaction. As above, the validationengine verifies the signature of the new transaction with the public keyof the decoder provided by the VPN client (via the cryptographicengine). However, in case of positive result of this operation, thevalidation engine further verifies whether the access request iscompliant with the up-to-date version (in the most recent blocks of theblockchain in the corresponding repository) of the entitlement of thesubscriber corresponding to the identifier of the decoder and theidentifier of the smartcard. If the access request is both authentic andcompliant, the result of the validation is positive. Conversely, if thenew transaction is not authentic (meaning that the decoder has beencloned) or the access request is not compliant (meaning that thesmartcard has been cloned or the subscriber is trying to use it in acondition different from the authorized one) the result of thevalidation is negative. The validation engine at block 455 starts aprocess as above for determining a consensus among the validators on theresult of the validation (positive or negative); as soon as theconsensus has been reached by a predefined majority of the validators(for example, ⅔ of their total number as indicated by the validatorflags that are asserted in the list managed by the VPN client) on thesame result of the validation (positive or negative), the processdescends into the block 456.

Considering now the block 456, the validation engine starts (in case itis not working on any new block that may accept the new transaction) orcontinues (otherwise) solving the mathematical puzzle required to add acorresponding new block to the blockchain; particularly, the validationengine calculates the hash of the header of the new block correspondingto a possible value of the nonce. Meanwhile, the validation engine atblock 457 may receive (via the VPN client) a new block from anothervalidator. A test is then made at block 458, wherein the validationengine verifies whether a new block may be created (since thecorresponding mathematical puzzle has been solved) or a new block hasbeen received. If not, the process returns to the block 456 to try againsolving the mathematical puzzle (by reiterating the calculation of thehash of the header with another value of the nonce). Conversely, as soonas the validation engine has solved the mathematical puzzle (by findingthe nonce that makes the hash of the header lower than the target) or anew block has been received, the process descends into block 459 whereinthe process branches accordingly. If the mathematical puzzle has beensolved the validation engine at block 460 creates the corresponding newblock (by adding as many new transactions that are pending as possibleto its body and completing the header with the required information).Conversely, if the new block has been received the validation engine atblock 461 verifies whether the new block is not comprised in its currentversion of the blockchain (in the corresponding repository). If so, thevalidation engine validates the new block (by verifying its previoushash, Merkle root, proof of work and transactions).

The flow of activity branches at block 462 according to a result of thisoperation. In case the new block is already comprised in the blockchainor in case of negative result of its validation, the process returns tothe block 456 (thereby discarding it) to try again solving themathematical puzzle (or to the block 450, not shown in the figure, whenthe new block has been received while the validation engine was idle).Conversely, in case of positive result of the validation of the newblock (not already comprised in the blockchain) the process continues toblock 463. The same point is also reached from the block 460 after thecreation of the new block. At this point, the validation engine adds thenew block (created/received) to the blockchain (into the correspondingrepository), at the same time discarding any pending new transactionscomprised therein. The validation engine at block 464 then distributesthe new block into the VPN (via the VPN server). The flow of activitybranches at block 465 according to a status of the validation engine. Ifthe validation engine is still working on any new transactions that arepending, the process returns to the block 456; conversely, if no newtransaction remains pending the process returns to the block 450.

The new blocks that are created and distributed into the VPN by thevalidators (as described above) are used by the other decoders (notoperating as validators) and by the provider system simply to updatetheir versions of the blockchain.

Particularly, in the swim-lane of each access device whose decoder isnot operating as validator the access client is in a listening conditionat block 466 (via the VPN client) for any new blocks. As soon as theaccess client receives a new block, the access client at block 467verifies whether the new block is not comprised in its current versionof the blockchain (in the corresponding repository); if so, the accessclient validates the new block (by verifying its previous hash, Merkleroot and proof of work). The flow of activity then branches at block 468according to a result of this operation. In case the new block isalready comprised in the blockchain or in case of negative result of itsvalidation, the process directly returns to the block 466 (therebydiscarding it). Conversely, in case of positive result of the validationof the new block (not already comprised in the blockchain) the accessclient block 469 adds it to the blockchain (in the correspondingrepository). The process then returns to the block 466.

With reference instead to the swim-lane of the provider system, likewisethe access manager is in a listening condition at block 470 (via the VPNserver) for any new blocks. As soon as the access manager receives a newblock, the access manager at block 471 verifies whether the new block isnot comprised in its current version of the blockchain (in thecorresponding repository). If so, the access manager validates the newblock (by verifying its previous hash, Merkle root and proof of work).The flow of activity then branches at block 472 according to a result ofthis operation. In case the new block is already comprised in theblockchain or in case of negative result of its validation, the processdirectly returns to the block 470 (thereby discarding it). Conversely,in case of positive result of the validation of the new block (notalready comprised in the blockchain) the access manager block 473 addsit to the blockchain (in the corresponding repository). For eachtransaction of the new block relating to an access request (if any), theaccess manager at block 474 retrieves the remote key associated with theidentifier of the set of TV transmissions indicated in the transaction(via the cryptographic engine) and transmits it to the network addressof the identifier of the decoder indicated in the transaction over theVPN (via the VPN server). The process then returns to the block 470.Moving to the swim-lane of each of these access devices, the accessclient at block 475 receives the new version of the remote key over theVPN (via the VPN client). The access client at block 476 retrieves thelocal key from the smartcard (via the smartcard drive that requests itto the I/O interface, which in turn retrieves it from the keyrepository). At this point, the access client passes the new version ofthe remote key and the local key to the cryptographic engine, whichcombines them into a corresponding new version of the transmission key(without using it at the moment).

With reference again to the swim-lane of the provider system, theprocess passes from block 477 to block 478 whenever any transmission key(for a corresponding set of TV transmissions) is to be changed. Forexample, this happens when the transmission key is required for thefirst time by a new decoder after its turn-on and in any caseperiodically (for example, every 1-2 hours). In response thereto, thecryptographic engine generates a new version of the corresponding remotekey (for example, in a pseudo-random way). The cryptographic engine atblock 479 combines the new version of the remote key and the (fixed)local key into a corresponding new version of the transmission key(without using it at the moment). The access manager at block 480broadcasts a change notification together with the corresponding TVtransmissions to all the decoders, in order to inform them that thetransmission key will be changed in the future. This will happen with adelay (for example, 10-20 minutes) sufficient to allow the decoders toreceive the new version of the remote key using the blockchain (asdescribed above). The change notification indicates the identifier ofthe corresponding set of TV transmissions and a change time at which thetransmission key will be changed. The access manager enters an idle loopat block 481 waiting for the change time. As soon as the change time isreached, the encryption engine at block 482 saves the new version of thetransmission key with the corresponding remote key into thecorresponding list (by replacing their previous versions) so as to startencrypting the corresponding set of TV transmissions with thistransmission key.

At the same time, in the swim-lane of each access device the accessclient at block 483 receives the change notification (via the TV tunerdrive); in response thereto, the access client creates a correspondingnew transaction and distributes it into the VPN (at the block 448) inorder to receive the new version of the remote key (as described above).Meanwhile, the access client enters an idle loop at block 484 waitingfor the change time (indicated in the change notification). As soon asthe change time is reached, the encryption engine at block 485 saves thenew version of the transmission key (which should have been generatedmeanwhile as described above) by replacing its previous version, so asto start decrypting the corresponding set of TV transmissions with thistransmission key.

In this way, the transmission keys may be changed without anyinterruption of the TV transmissions (despite the relatively long timethat is required by the decoders to obtain the new version of thecorresponding remote keys using the blockchain).

Naturally, in order to satisfy local and specific requirements, a personskilled in the art may apply many logical and/or physical modificationsand alterations to the present disclosure. More specifically, althoughthis disclosure has been described with a certain degree ofparticularity with reference to one or more embodiments thereof, itshould be understood that various omissions, substitutions and changesin the form and details as well as other embodiments are possible.Particularly, different embodiments of the present disclosure may evenbe practiced without the specific details (such as the numerical values)set forth in the preceding description to provide a more thoroughunderstanding thereof. Conversely, well-known features may have beenomitted or simplified in order not to obscure the description withunnecessary particulars. Moreover, it is expressly intended thatspecific elements and/or method steps described in connection with anyembodiment of the present disclosure may be incorporated in any otherembodiment as a matter of general design choice. Moreover, itemspresented in a same group and different embodiments, examples oralternatives are not to be construed as de facto equivalent to eachother (but they are separate and autonomous entities). In any case, eachnumerical value should be read as modified by the term about (unlessalready done) and each range of numerical values should be intended asexpressly specifying any possible number along the continuum within therange (comprising its end points). Moreover, ordinal or other qualifiersare merely used as labels to distinguish elements with the same name butdo not by themselves connote any priority, precedence or order. Theterms include, comprise, have, contain and involve (and any formsthereof) should be intended with an open, non-exhaustive meaning (i.e.,not limited to the recited items), the terms based on, dependent on,according to, function of (and any forms thereof) should be intended asa non-exclusive relationship (i.e., with possible further variablesinvolved), the term a/an should be intended as one or more items (unlessexpressly indicated otherwise), and the term means for (or anymeans-plus-function formulation) should be intended as any structureadapted or configured for carrying out the relevant function.

For example, an embodiment provides a method for controlling access todata being broadcast over a telecommunication medium. However, the datamay be of any type (for example, any data stream such as television,radio, music or any other data such as documents, databases). Moreover,the data may be broadcast in any way (for example, from any number andtype of stations with any broadcasting range) over any telecommunicationmedium (for example, waves, cables, satellites, Internet) for anypurposes (for example, displaying, playing, reading, processing).

In an embodiment, the method comprises submitting (by an access device)an access request for accessing the data by the access device to aplurality of validator devices. However, the access device may be of anytype (see below) and the validator devices may be in any number and ofany type (for example, selected access devices, dedicated computingmachines or any combination thereof); moreover, the access request maybe of any type (for example, simply indicating the access device with orwithout additional information such as its fingerprint, the data to beaccessed) and it may be submitted in any way (for example, over a securenetwork, encrypted over a public network).

In an embodiment, the method comprises validating (by each of thevalidator devices) the access request according to correspondingentitlements to access the data being granted by a provider system to aplurality of access devices. However, the validator devices may validatethe access request in any way (for example, by verifying theentitlements with or without authenticating the access devices)according to any entitlements (for example, subscriptions to one or moretransmissions, authorizations for single events or data on demand)granted in any way (for example, following payments, in trial mode,according to roles); moreover, the entitlements may be provided in anyway (for example, comprised in the blockchain or in a dedicated memorystructure) by any provider system (see below).

In an embodiment, the method comprises updating (by the validatordevices) a blockchain comprising a sequence of blocks linked to eachother according to corresponding hashes. However, the blockchain may ofany type (for example, permissioned, permissionless); moreover, theblocks may be of any type (for example, with body and/or headercomprising partial, different and additional pieces of information withrespect to the ones mentioned above) linked to each other in any way(for example, the previous hashes with or without global hashesthereof).

In an embodiment, the method comprises updating (by the validatordevices) the blockchain by adding a new one of the blocks comprising anindication of the access request in response to a consensus at leastpartial of the validator devices to a positive result of said validatingthe access request. However, the blockchain may be updated in any way(for example, according to a proof of work schema based on anymathematical puzzle or to a proof of stake schema) in response to anytype of consensus (for example, by actually controlling that the accessrequest has been validated by at least any percentage of the validatordevices, up to all of them, or without any control by simply waiting apre-defined time after the addition of any new block). Moreover, the newblock may be of any type (for example, a new block comprising any numberof transactions, from a single one to as many as possible) and it may beadded to the blockchain in any way (for example, only in case ofpositive result of the validation of the corresponding access requestsor always together with the indication of the results of thevalidation).

In an embodiment, the method comprises transmitting (by the providersystem) cryptographic information to the access device in response tothe new block. However, the cryptographic information may be of any type(for example, a cryptographic key or a part thereof) and it may betransmitted to the access device in any way (for example, directly, inthe blockchain or broadcast together with the data in a protected waysuch as encrypted with a public key of the access device).

In an embodiment, the method comprises encrypting (by the providersystem) the data into encrypted data according to the cryptographicinformation. However, the data may be encrypted in any way (for example,by applying an encryption function, a scrambling method).

In an embodiment, the method comprises broadcasting (by the providersystem) the encrypted data. However, the encrypted data may be broadcastin any way (for example, in a channel, a web site).

In an embodiment, the method comprises receiving (by the access device)the encrypted data being broadcast by the provider system. However, theencrypted data may be received in any way (for example, by tuning to thecorresponding channel, accessing the corresponding web site).

In an embodiment, the method comprises decrypting (by the access device)the encrypted data into the data according to the cryptographicinformation. However, the encrypted data may be decrypted in any way(for example, by applying a decryption function, a descrambling method)according to the cryptographic information (for example, alone or incombination with any other piece of information provided in any way).

In an embodiment, the method comprises determining (by the accessdevice) an actual fingerprint thereof based on one or more physicalfeatures characterizing the access device. However, the physicalfeatures may be in any number and of any type (for example, hardwarefeatures, software features or any combination thereof) and they may becollected in any way (for example, measured whenever necessary or whenthe access device turns-on); moreover, the actual fingerprint may bedetermined in any way (for example, according to any combination of thephysical features such as their product, sum, concatenation).

In an embodiment, the method comprises authenticating (by the providersystem) the access device according to corresponding known fingerprintsof the access devices, with the access device that is authenticatedaccording to a match of the actual fingerprint of the access device withthe corresponding known fingerprint. However, the access request may beauthenticated according to any match of the fingerprints (for example,only when they are equal or even tolerating a difference below athreshold to take into account measuring errors) and for any purpose(for example, for connecting the access device to the network,validating the access requests).

In an embodiment, the blockchain is permissioned. However, theblockchain may be of any permissioned type (for example, private orconsortium).

In an embodiment, the validator devices are vetted by the providersystem. However, the validator devices may be vetted in any way (forexample, statically, dynamically, either in a fixed or variable way suchas periodically).

In an embodiment, the validator devices are selected ones of the accessdevices. However, the validator devices may be selected in any way amongthe access devices (for example, random or according to theirlocations).

In an embodiment, the provider system, the access devices and thevalidator devices communicate to each other over a virtual privatenetwork implemented by the provider system over a public network.However, the virtual private network may be implemented in any way (forexample, by the provider system or a dedicated computing machine) overany public network (for example, the Internet, a WAN). In any case, thepossibility is not excluded of using any other secure network (forexample, a private network such as a LAN) or more generally any othernetwork.

In an embodiment, the method comprises submitting (by the access device)a start request for starting operation of the access device to theprovider system. However, the start request may be submitted in any way(either the same or different with respect to the other requests).

In an embodiment, the method comprises returning (by the providersystem) an indication of a plurality of verificator devices to theaccess device in response to the start request. However, the verificatordevices may be in any number and of any type (for example, selectedaccess devices, selected validator devices, dedicated computing machinesor any combination thereof) and their indication may be returned in anyway (for example, transmitted directly, distributed into the network orbroadcast together with the data).

In an embodiment, the method comprises submitting (by the access device)a verification request for verifying the access device to theverificator devices. However, the verification request may be of anytype (for example, based on the fingerprint of the access device, asignature with its private key or simply its identifier) and it may besubmitted in any way (either the same or different with respect to theother requests).

In an embodiment, the method comprises verifying (by each of theverificator devices) the access device in response to the verificationrequest. However, the access device may be verified in any way (forexample, requesting the intervention of the provider system, directly byeach verificator device, alternatively or in combination).

In an embodiment, the method comprises transmitting (by the providersystem) the cryptographic information to the access device in responseto a consensus at least partial of the verificator devices to a positiveresult of said verifying the access device. However, the cryptographicinformation may be transmitted to the access device in any way (eitherthe same or different with respect to above); moreover, the consensus tothe verification of the access device may be defined and determined inany way (either the same or difference with respect to above).

In an embodiment, the method comprises submitting (by the access device)a further start request for starting operation of the access device tothe provider system. However, the further start request may be submittedin any way (see above).

In an embodiment, the method comprises refusing (by the provider system)the further start request in response to a lack of the new block in theblockchain that is more recent than the start request. However, therelevant times may be of any type (for example, relating to its lasttransaction, creation or addition to the blockchain for the new blockand relating to its creation, submission, reception for the accessrequest). Moreover, the further start request may be refused in any way(for example, only when the time elapsed from the start request is lowerthan any threshold or even always, with or without the possibility oflogging it for auditing).

In an embodiment, the method comprises submitting (by the access device)the verification request comprising the actual fingerprint of the accessdevice to the verificator devices. However, the actual fingerprint maybe provided to the verificator devices in any way (for example, in thesame or in a separate message).

In an embodiment, the method comprises verifying (by each of theverificator devices) the access device according to a match of theactual fingerprint of the access device with the corresponding knownfingerprint in response to the verification request. However, the accessdevice may be verified according to any match of the fingerprints(either the same or different with respect to above).

In an embodiment, the method comprises selecting (by the providersystem) the verificator devices among the access devices. However, theverificator devices may be selected in any way among the access devices(for example, in a fixed way such as according to their locations oreven in a variable way).

In an embodiment, the method comprises determining (by each of theverificator devices) the actual fingerprint thereof. However, the actualfingerprint may be determined in any way (see above).

In an embodiment, the method comprises submitting (by each of theverificator devices) a further verification request for verifying theactual fingerprint of the access device and the actual fingerprint ofthe verificator device to the provider system. However, the furtherverification request may be submitted in any way (either the same ordifferent with respect to the other requests); in any case, thepossibility of using the fingerprint of the access device only is notexcluded.

In an embodiment, the method comprises determining (by the providersystem) a result of said verifying the access device for each of theverificator devices according to a match of the actual fingerprint ofthe access device and the actual fingerprint of the authenticationdevice with the corresponding known fingerprints in response to thefurther verification request. However, the result of the verificationmay be determined according to any match of the fingerprints (forexample, positive when both actual fingerprints match their knownfingerprints and negative otherwise; or using the actual fingerprint ofthe verificator device to accept/refuse the verification request anddetermining its result only according to the actual fingerprint of theaccess device).

In an embodiment, the method comprises returning (by the providersystem) the result of said verifying the access device for each of theverificator devices to the verificator device. However, the result maybe returned in any way (either the same or different with respect to thesubmission of the further verification request).

In an embodiment, for each of the verificator devices the methodcomprises saving (by the verificator device) the result of saidverifying the access device. However, the result of the verification maybe saved in any way (for example, into a dedicated cache memory or anystructure of the working memory such as a table or a list).

In an embodiment, for each of the verificator devices the methodcomprises receiving (by the verificator device) a next verificationrequest for verifying the access device from the access device. However,the next verification request may be received in any way (see above).

In an embodiment, for each of the verificator devices the methodcomprises retrieving (by the verificator device) the result of saidverifying the access device being saved therein in response to the nextverification request. However, the saved result may be used in any way(for example, always or only when its age is lower than a threshold); inany case, the possibility is not excluded of determining the result ofthe verification always through the provider system.

In an embodiment, the method comprises generating (by the providersystem) a new version of the cryptographic information. However, the newversion of the cryptographic information may be generated in response toany event (for example, for each new access device, periodically withany frequency or both of them).

In an embodiment, the method comprises notifying (by the providersystem) a future use at a change time of the new version of thecryptographic information to the access devices. However, the future usemay be notified in any way (for example, broadcast together with thedata, distributed into the network, transmitted to each access deviceindividually); moreover, the change time may be defined in any way (forexample, an actual time or a delay).

In an embodiment, the method comprises submitting (by the accessdevices) corresponding further access requests for accessing the data bythe access devices to the validator devices in response to saidnotifying the future use. However, the further access requests may be ofany type and they may be submitted in any way (see above).

In an embodiment, the method comprises validating (by each of thevalidator devices) the further access requests according to thecorresponding entitlements. However, the further access requests may bevalidated in any way (see above).

In an embodiment, the method comprises updating (by each of thevalidator devices) the blockchain by adding further new one or more ofthe blocks each comprising an indication of one or more of the furtheraccess requests in response to a consensus at least partial of thevalidator devices to a positive result of said validating thecorresponding further access requests. However, the blockchain may beupdated in any way (see above).

In an embodiment, the method comprises transmitting (by the providersystem) the new version of the cryptographic information to each of theaccess devices in response to the corresponding further new block.However, the new version of the cryptographic information may betransmitted to each of the access devices in any way (see above).

In an embodiment, the method comprises encrypting (by the providersystem) the data into a new version of the encrypted data according tothe new version of the cryptographic information after the change time.However, the data may be encrypted in any way (see above); in any case,the possibility is not excluded of managing the change of thecryptographic information in any other way (for example, by applying thenew version of the cryptographic information in response its receptionby all the access devices or a predetermined percentage thereof or evenwithout any delay such as when the data are not a stream that needs tobe received continuously).

In an embodiment, the method comprises decrypting (by each of the accessdevices) the encrypted data into the data according to the new versionof the cryptographic information after the change time. However, theencrypted data may be decrypted in any way (see above). In any case, thepossibility is not excluded of managing the new version of thecryptographic information in any other way (for example, by using it inresponse to a notification of its application from the provider systemor even automatically as soon as the data may not be decrypted anylonger with the current version of the cryptographic information).

In an embodiment, the method comprises submitting (by the providersystem) corresponding entitlement requests for setting the entitlementsto the validator devices. However, the entitlement requests may be ofany type (for example, adding/removing access devices, updating theirauthorizations for accessing the data) and they may be submitted in anyway (either the same or different with respect to the other requests).

In an embodiment, the method comprises validating (by each of thevalidator devices) each of the entitlement requests. However, theentitlement requests may be validated in any way (for example, byauthenticating the provider system with or without verifying theentitlement in external information sources).

In an embodiment, the method comprises updating (by the validatordevices) the blockchain by adding still further new one or more of theblocks each comprising an indication of one or more of the entitlementsin response to a positive result of said validating the correspondingentitlement requests. However, the blockchain may be updated in any way(either the same or different with respect to above).

In an embodiment, the method comprises validating (by each of thevalidator devices) the access request according to the entitlement ofthe access device contained in the blockchain. However, the possibilityis not excluded of validating the access request according to theentitlements that are stored elsewhere, and then without the need ofadding corresponding blocks to the blockchain (for example, by accessingexternal information sources).

In an embodiment, the method comprises constructing (by the accessdevice) the access request according to the entitlement of the accessdevice contained in the blockchain. However, the possibility is notexcluded of constructing the access request in any other way (forexample, according to the corresponding entitlement that is storedelsewhere such as in the smartcard or even independently thereof whenthe data to be accessed are not indicated in the access request).

In an embodiment, the data comprise a television transmission. However,the television transmission may be of any type (for example, pay TV,pay-per-view TV, TV on demand).

In an embodiment, the method comprises providing (by the access device)the television transmission that has been decrypted to a TV set fordisplaying thereon. However, the decrypted television transmission maybe provided to the TV set in any way (for example, with a wired orwireless connection); in any case, the possibility is not excluded ofhaving an integrated device with both the functions of TV set and accessdevice.

In an embodiment, the access devices comprise corresponding decoderdevices and corresponding portable devices removably coupled therewith.However, the decoder devices may be of any type (for example,set-top-boxes, integrated decoders); moreover, the portable devices maybe of any type (for example, smartcards, memory keys) and they may becoupled removably with the decoders devices in any way (for example,with a contact or contactless connection). In any case, the possibilityis not excluded of using a stand-alone access device without anyremovable part.

In an embodiment, the portable devices store further cryptographicinformation. However, the further cryptographic information may be ofany type (for example, the same for all the data or different forcorresponding groups thereof) or it may be missing at all.

In an embodiment, the method comprises generating (by the providersystem) a cryptographic key according to the cryptographic informationand the further cryptographic information. However, the cryptographickey may be generated in any way (for example, by concatenating two partsor by combining them in any way such as adding, multiplying, dividing)or it may be simply equal to the cryptographic information (when thefurther cryptographic information is missing).

In an embodiment, the method comprises encrypting (by the providersystem) the data with the cryptographic key. However, the possibility isnot excluded of using the cryptographic information and the furthercryptographic information in any other way (for example, by encryptingthe data with the first one and then the obtained result with the secondone).

In an embodiment, the method comprises generating (by the access device)the cryptographic key according to the cryptographic information beingtransmitted thereto by the provider system and to the furthercryptographic information being retrieved from the correspondingportable device. However, the cryptographic key may be generated by theaccess device in any way (as it is generated by the provider system).

In an embodiment, the method comprises decrypting (by the access device)the encrypted data with the cryptographic key. However, the encrypteddata may be decrypted in any way (according to how it has beenencrypted).

An embodiment provides a method for broadcasting data over atelecommunication medium. In an embodiment, the method comprisestransmitting (by a provider system) cryptographic information to each ofa plurality of access devices in response to a consensus at leastpartial of a plurality of validator devices to a new block of ablockchain comprising an indication of a positive result of a validationof an access request for accessing the data by the access device. In anembodiment, the method comprises encrypting (by the provider system) thedata into encrypted data according to the cryptographic information. Inan embodiment, the method comprises broadcasting (by the providersystem) the encrypted data.

An embodiment provides a method for accessing data that are broadcastover a telecommunication medium. In an embodiment, the method comprisesreceiving (by an access device) an access request for accessing the datafrom a further access device. In an embodiment, the method comprisesvalidating (by the access device) the access request according tocorresponding entitlements to access the data being granted by aprovider system to a plurality of access devices. In an embodiment, themethod comprises updating (by the access device) a blockchain,comprising a sequence of blocks linked to each other according tocorresponding hashes, by adding a new one of the blocks comprising anindication of the access request in response to a consensus at leastpartial of a plurality of validator devices comprising the access deviceto a positive result of said validating the access request. In anembodiment, the method comprises submitting (by the access device) afurther access request for accessing the data by the access device tothe validator devices. In an embodiment, the method comprises receiving(by the access device) cryptographic information from the providersystem in response to a further new one of the blocks comprising anindication of the further access request. In an embodiment, the methodcomprises receiving (by the access device) the data encrypted accordingto the cryptographic information being broadcast by the provider system.In an embodiment, the method comprises decrypting (by the access device)the encrypted data into the data according to the cryptographicinformation.

The same considerations pointed out above with reference to the methodfor controlling access to data (comprising each of its additionalfeatures) apply mutatis mutandis to the method for broadcasting data andto the method for accessing data.

Generally, similar considerations apply if the same solution isimplemented with equivalent methods (by using similar steps with thesame functions of more steps or portions thereof, removing somenon-essential steps or adding further optional steps). Moreover, thesteps may be performed in a different order, concurrently or in aninterleaved way (at least in part).

An embodiment provides a computer program configured for causing acomputing structure to perform the above-described methods when thecomputer program is executed on the computing structure. An embodimentprovides a computer program product that comprises a computer readablestorage medium having program instructions embodied therewith; theprogram instructions are executable by a computing structure to causethe computing structure to perform the same methods. However, thecomputer program may be implemented as a stand-alone module, as aplug-in for a pre-existing software program (for example, any accessmanager or access client), or even directly in the latter. Moreover, thecomputer program may be executed on any computing structure;particularly, the computer program may be executed on a computingstructure comprising the provider system, the access devices and thevalidator devices when implementing the method for controlling access todata, on the provider system when implementing the method forbroadcasting data and on each access device when implementing the methodfor accessing data. In any case, the solution according to an embodimentof the present disclosure lends itself to be implemented even with ahardware structure (for example, by electronic circuits integrated inone or more chips of semiconductor material), or with a combination ofsoftware and hardware suitably programmed or otherwise configured.

An embodiment provides a structure comprising means that are configuredfor performing each of the steps of the above-described methods. Anembodiment provides a structure comprising a circuit (i.e., any hardwaresuitably configured, for example, by software) for performing each ofthe steps of the same methods. However, the structure may be of any type(for example, formed by the provider system, the access devices and thevalidator devices, by the provider system alone or by each access devicealone). Moreover, the structure may be implemented by any number andtype of physical machines, virtual machines or any static/dynamiccombination thereof (for example, with the provider system implementedby a server, a cluster of one or more servers or a cloud service, andwith each access device implemented by a decoder and a smartcard, adecoder alone or any other receiver).

Generally, similar considerations apply if the provider system and theaccess devices each has a different structure or comprises equivalentcomponents or it has other operative characteristics. In any case, everycomponent thereof may be separated into more elements, or two or morecomponents may be combined together into a single element. Moreover,each component may be replicated to support the execution of thecorresponding operations in parallel. Moreover, unless specifiedotherwise, any interaction between different components generally doesnot need to be continuous, and it may be either direct or indirectthrough one or more intermediaries.

The present invention may be a system, a method, and/or a computerprogram product at any possible technical detail level of integration.The computer program product may include a computer readable storagemedium (or media) having computer readable program instructions thereonfor causing a processor to carry out aspects of the present invention.The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire. Computer readable program instructions described hereincan be downloaded to respective computing/processing devices from acomputer readable storage medium or to an external computer or externalstorage device via a network, for example, the Internet, a local areanetwork, a wide area network and/or a wireless network. The network maycomprise copper transmission cables, optical transmission fibers,wireless transmission, routers, firewalls, switches, gateway computersand/or edge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device. Computer readable programinstructions for carrying out operations of the present invention may beassembler instructions, instruction-set-architecture (ISA) instructions,machine instructions, machine dependent instructions, microcode,firmware instructions, state-setting data, configuration data forintegrated circuitry, or either source code or object code written inany combination of one or more programming languages, including anobject oriented programming language such as Smalltalk, C++, or thelike, and procedural programming languages, such as the “C” programminglanguage or similar programming languages. The computer readable programinstructions may execute entirely on the user's computer, partly on theuser's computer, as a stand-alone software package, partly on the user'scomputer and partly on a remote computer or entirely on the remotecomputer or server. In the latter scenario, the remote computer may beconnected to the user's computer through any type of network, includinga local area network (LAN) or a wide area network (WAN), or theconnection may be made to an external computer (for example, through theInternet using an Internet Service Provider). In some embodiments,electronic circuitry including, for example, programmable logiccircuitry, field-programmable gate arrays (FPGA), or programmable logicarrays (PLA) may execute the computer readable program instructions byutilizing state information of the computer readable programinstructions to personalize the electronic circuitry, in order toperform aspects of the present invention. Aspects of the presentinvention are described herein with reference to flowchart illustrationsand/or block diagrams of methods, apparatus (systems), and computerprogram products according to embodiments of the invention. It will beunderstood that each block of the flowchart illustrations and/or blockdiagrams, and combinations of blocks in the flowchart illustrationsand/or block diagrams, can be implemented by computer readable programinstructions. These computer readable program instructions may beprovided to a processor of a general purpose computer, special purposecomputer, or other programmable data processing apparatus to produce amachine, such that the instructions, which execute via the processor ofthe computer or other programmable data processing apparatus, createmeans for implementing the functions/acts specified in the flowchartand/or block diagram block or blocks. These computer readable programinstructions may also be stored in a computer readable storage mediumthat can direct a computer, a programmable data processing apparatus,and/or other devices to function in a particular manner, such that thecomputer readable storage medium having instructions stored thereincomprises an article of manufacture including instructions whichimplement aspects of the function/act specified in the flowchart and/orblock diagram block or blocks. The computer readable programinstructions may also be loaded onto a computer, other programmable dataprocessing apparatus, or other device to cause a series of operationalsteps to be performed on the computer, other programmable apparatus orother device to produce a computer implemented process, such that theinstructions which execute on the computer, other programmableapparatus, or other device implement the functions/acts specified in theflowchart and/or block diagram block or blocks. The flowchart and blockdiagrams in the Figures illustrate the architecture, functionality, andoperation of possible implementations of systems, methods, and computerprogram products according to various embodiments of the presentinvention. In this regard, each block in the flowchart or block diagramsmay represent a module, segment, or portion of instructions, whichcomprises one or more executable instructions for implementing thespecified logical function(s). In some alternative implementations, thefunctions noted in the blocks may occur out of the order noted in theFigures. For example, two blocks shown in succession may, in fact, beexecuted substantially concurrently, or the blocks may sometimes beexecuted in the reverse order, depending upon the functionalityinvolved. It will also be noted that each block of the block diagramsand/or flowchart illustration, and combinations of blocks in the blockdiagrams and/or flowchart illustration, can be implemented by specialpurpose hardware-based systems that perform the specified functions oracts or carry out combinations of special purpose hardware and computerinstructions.

The above-described features may be combined in any way.

What is claimed is:
 1. A method for controlling access to data beingbroadcast over a telecommunication medium, wherein the method comprises:transmitting, by the provider system, cryptographic information inresponse to a blockchain being updated by a plurality of validatordevices, the blockchain comprising a sequence of blocks linked to eachother according to corresponding hashes, by adding a new one of theblocks comprising an indication of the first access request in responseto a first consensus of at least some of the validator devices to apositive result of said validating the first access request, encrypting,by the provider system, the data into encrypted data according to thecryptographic information, wherein the encrypted data can be decryptedby a first access device using the cryptographic information and a localkey from a drive of the first access device, and broadcasting, by theprovider system, the encrypted data.
 2. The method according to claim 1,wherein the method further comprises: determining, by the first accessdevice that submitted the first access request, a first devicefingerprint thereof based on one or more physical featurescharacterizing the first access device, and authenticating the firstaccess device according to corresponding known fingerprints of theplurality of access devices, the first access device being authenticatedaccording to a match of the first device fingerprint of the first accessdevice with the corresponding known device fingerprint.
 3. The methodaccording to claim 1, wherein the blockchain is permissioned with thevalidator devices being vetted by the provider system.
 4. The methodaccording to claim 3, wherein the validator devices are selected from aplurality of access devices.
 5. The method according to claim 4, whereinthe provider system, the plurality of access devices, and the validatordevices communicate to each other over a virtual private networkimplemented by the provider system over a public network.
 6. The methodaccording to claim 1, wherein the method further comprises: submitting afirst start request to the provider system for starting operation of thefirst access device, returning an indication of a plurality ofverificator devices to the first access device in response to the firststart request, submitting a first verification request for verifying thefirst access device to the verificator devices, verifying the firstaccess device in response to the first verification request, andtransmitting the cryptographic information to the first access device inresponse to a second consensus of at least some of the verificatordevices to a positive result of said verifying the first access device.7. The method according to claim 6, wherein the method furthercomprises: submitting a second start request for starting operation ofthe first access device to the provider system, and refusing the secondstart request in response to a lack of the new block in the blockchainbeing more recent than the second start request.
 8. The method accordingto claim 6, wherein the method further comprises: determining a firstdevice fingerprint thereof based on one or more physical featurescharacterizing the first access device, submitting the firstverification request comprising the first device fingerprint to theverificator devices, and verifying by each of the verificator devicesthe first access device according to corresponding known fingerprints ofthe first access devices in response to the first verification request,the first access device being verified according to a match of the firstdevice fingerprint of the first access device with the correspondingknown device fingerprint.
 9. The method according to claim 8, whereinthe method further comprises: selecting the verificator devices among aplurality of access devices, determining a second device fingerprintthereof, submitting a second verification request for verifying thefirst device fingerprint of the first access device and the seconddevice fingerprint of the verificator device to the provider system,determining a result of said verifying the first access device for eachof the verificator devices according to a match of the first devicefingerprint of the first access device and the second device fingerprintof the verificator device with the corresponding known devicefingerprints in response to the second verification request, andreturning the result of said verifying the first access device for eachof the verificator devices to the verificator device.
 10. The methodaccording to claim 9, wherein for each of the verificator devices themethod further comprises: saving the result of said verifying the firstaccess device, receiving a third verification request for verifying thefirst access device from the first access device, and retrieving theresult of said verifying the first access device being saved therein inresponse to the third verification request.
 11. The method according toclaim 1, wherein the method further comprises: generating a new versionof the cryptographic information, notifying a future use at a changetime of the new version of the cryptographic information to the firstaccess devices, submitting corresponding further access requests foraccessing the data by the plurality of access devices to the validatordevices in response to said notifying the future use, validating thefurther access requests according to the corresponding entitlements,updating the blockchain by adding further new one or more of the blockseach comprising an indication of one or more of the further accessrequests in response to a consensus of at least some of the validatordevices to a positive result of said validating the correspondingfurther access requests, transmitting the new version of thecryptographic information to each of the plurality of access devices inresponse to the corresponding further new block, encrypting the datainto a new version of the encrypted data according to the new version ofthe cryptographic information after the change time, and decrypting theencrypted data into the data according to the new version of thecryptographic information after the change time.
 12. The methodaccording to claim 1, wherein the method further comprises: submittingcorresponding entitlement requests for setting the entitlements to thevalidator devices, validating each of the entitlement requests, updatingthe blockchain by adding still further new one or more of the blockseach comprising an indication of one or more of the entitlements inresponse to a positive result of said validating the correspondingentitlement requests, and validating the first access request accordingto the entitlement of the first access device contained in theblockchain.
 13. The method according to claim 12, wherein the methodfurther comprises: constructing the first access request according tothe entitlement of the first access device contained in the blockchain.14. The method according to claim 1, wherein the data comprise atelevision transmission, the method further comprising: providing thetelevision transmission being decrypted to a TV set for displayingthereon.
 15. The method according to claim 1, wherein the first accessdevices that submitted the first access request is one of a plurality offirst access devices that comprise corresponding decoder devices andcorresponding portable devices removably coupled therewith, the portabledevices storing further cryptographic information, wherein the methodfurther comprises: generating a cryptographic key according to thecryptographic information and the further cryptographic information,encrypting the data with the cryptographic key, generating thecryptographic key according to the cryptographic information beingtransmitted thereto by the provider system and to the furthercryptographic information being retrieved from the correspondingportable device, and decrypting the encrypted data with thecryptographic key.
 16. The method of claim 1, wherein the method furthercomprises: transmitting cryptographic information to each of a pluralityof access devices in response to the consensus of at least some of aplurality of validator devices to a new block of the blockchaincomprising an indication of the positive result of a validation of thefirst access request for accessing the data by the first access device.17. The method of claim 1, the method further comprises: receiving afirst access request for accessing the data from a second access device,validating the first access request according to correspondingentitlements to access the data being granted by a provider system to aplurality of access devices, updating a blockchain comprising a sequenceof blocks linked to each other according to corresponding hashes, byadding a new one of the blocks comprising an indication of the firstaccess request in response to a consensus at least partial of aplurality of validator devices comprising the first access device to apositive result of said validating the first access request, submittinga second access request for accessing the data by the first accessdevice to the validator devices, receiving cryptographic informationfrom the provider system in response to a further new one of the blockscomprising an indication of the second access request, receiving thedata encrypted according to the updated cryptographic information beingbroadcast by the provider system, and decrypting the encrypted data intothe data according to the updated cryptographic information.
 18. Acomputer program product for controlling access to data being broadcastover a telecommunication medium, the computer program product comprisinga computer readable storage medium having program instructions embodiedtherewith, the program instructions executable by a computing structureto cause the computing structure to perform a method comprising:transmitting, by the provider system, cryptographic information inresponse to a blockchain being updated by a plurality of validatordevices, the blockchain comprising a sequence of blocks linked to eachother according to corresponding hashes, by adding a new one of theblocks comprising an indication of the first access request in responseto a first consensus of at least some of the validator devices to apositive result of said validating the first access request, encrypting,by the provider system, the data into encrypted data according to thecryptographic information, wherein the encrypted data can be decryptedby a first access device using the cryptographic information and a localkey from a drive of the first access device, and broadcasting, by theprovider system, the encrypted data.
 19. The computer program productaccording to claim 18, wherein the method further comprises:determining, by the first access device that submitted the first accessrequest, a first device fingerprint thereof based on one or morephysical features characterizing the first access device, andauthenticating the first access device according to corresponding knownfingerprints of the plurality of access devices, the first access devicebeing authenticated according to a match of the first device fingerprintof the first access device with the corresponding known devicefingerprint.
 20. A structure for controlling access to data beingbroadcast over a telecommunication medium, the structure comprising aprovider system, a plurality of access devices, and a plurality ofvalidator devices, wherein: the provider system has a circuitry fortransmitting cryptographic information in response to a blockchain beingupdated by a plurality of validator devices, the blockchain comprising asequence of blocks linked to each other according to correspondinghashes, by adding a new one of the blocks comprising an indication ofthe first access request in response to a first consensus of at leastsome of the validator devices to a positive result of said validatingthe first access request, the provider system has a circuitry forencrypting the data into encrypted data according to the cryptographicinformation, wherein the encrypted data can be decrypted by a firstaccess device using the cryptographic information and a local key from adrive of the first access device, the provider system has a circuitryfor broadcasting the encrypted data.
 21. The structure of claim 20,wherein: the first access device has a circuitry for submitting a firststart request to the provider system for starting operation of the firstaccess device, the provider system has a circuitry for returning anindication of a plurality of verificator devices to the first accessdevice in response to the first start request, the first access devicehas a circuitry for submitting a first verification request forverifying the first access device to the verificator devices, each ofthe verificator devices has a circuitry for verifying the first accessdevice in response to the first verification request, and the providersystem has a circuitry for transmitting the cryptographic information tothe first access device in response to a second consensus of at leastsome of the verificator devices to a positive result of said verifyingthe first access device.
 22. A method for controlling access to databeing broadcast over a telecommunication medium, wherein the methodcomprises: submitting, by a first access device of a plurality of accessdevices, a first access request for accessing the data by the firstaccess device to a plurality of validator devices, receiving, by thefirst access device, cryptographic information sent by a provider systemin response to a blockchain being updated by a plurality of validatordevices, the blockchain comprising a sequence of blocks linked to eachother according to corresponding hashes, by adding a new one of theblocks comprising an indication of the first access request in responseto a first consensus of at least some of the validator devices to apositive result of said validating the first access request, receiving,by the first access device, the encrypted data being broadcast by theprovider system, and decrypting, by the first access device, theencrypted data into the data according to the cryptographic informationin combination with a local key from a drive of the first access device.23. The method according to claim 22, wherein the method furthercomprises: determining, by the first access device that submitted thefirst access request, a first device fingerprint thereof based on one ormore physical features characterizing the first access device, andauthenticating the first access device according to corresponding knownfingerprints of the plurality of access devices, the first access devicebeing authenticated according to a match of the first device fingerprintof the first access device with the corresponding known devicefingerprint.
 24. The method according to claim 22, wherein the methodfurther comprises: submitting a first start request to the providersystem for starting operation of the first access device, returning anindication of a plurality of verificator devices to the first accessdevice in response to the first start request, submitting a firstverification request for verifying the first access device to theverificator devices, verifying the first access device in response tothe first verification request, and transmitting the cryptographicinformation to the first access device in response to a second consensusof at least some of the verificator devices to a positive result of saidverifying the first access device.
 25. The method according to claim 22,wherein the method further comprises: generating a new version of thecryptographic information, notifying a future use at a change time ofthe new version of the cryptographic information to the first accessdevices, submitting corresponding further access requests for accessingthe data by the plurality of access devices to the validator devices inresponse to said notifying the future use, validating the further accessrequests according to the corresponding entitlements, updating theblockchain by adding further new one or more of the blocks eachcomprising an indication of one or more of the further access requestsin response to a consensus of at least some of the validator devices toa positive result of said validating the corresponding further accessrequests, transmitting the new version of the cryptographic informationto each of the plurality of access devices in response to thecorresponding further new block, encrypting the data into a new versionof the encrypted data according to the new version of the cryptographicinformation after the change time, and decrypting the encrypted datainto the data according to the new version of the cryptographicinformation after the change time.